Looking for a nixops python/django example

lunamystry · May 17, 2020, 3:59pm

Hi,

I am trying to deploy a Django application using NixOps and I am not able to. Here is what I have tried:

I build the python package like this (I have a setup.py):

with import <nixpkgs> { };

python38Packages.callPackage buildPythonApplication rec {
  name = "django-example";
  src = ./backend;
  doCheck = false;
  propagatedBuildInputs = [
    python38
    python38Packages.django
    python38Packages.gunicorn
  ];
}

Then in a droplet.nix I want to add lines similar to this (hoping the nginx reverse proxy config will be easy)

# django-example = import ./django-example/default.nix;
# systemd.services.django-example = {
#   enable = true;
#   script = ''
#     ${pkgs.python38Packages.gunicorn}/bin/gunicorn -b 0.0.0.0 -p 8000 --chdir ${django-example} django-example.wsgi:application
#   '';
# };

This is throwing an error about about tmp files. I assume because gunicorn tries to create a tmp directory in django-example but it can’t.

The idea I was trying was:

build python package. I found setup.py and poetry for this and got setup.py working first.
Get nix to build the python package. This is what I pasted above.
deploy using NixOps. It seems to me systemd might be a good fit here.

Is there an example deployment that uses gunicorn that I can use?

DavHau · May 19, 2020, 6:52am

I started the project django-nixos some time ago. I’m using this on a regular basis to deploy django projects.
It has examples for nixos and nixops including reverse nginx with auto letsencrypt and so on.

It includes:

A PostgreSQL DB with access configured for django
A systemd service which serves the project via gunicorn
A defined way of passing secrets to Django without leaking them into /nix/store
Your static files as a separated build artifact (by default served via whitenoise)
Ability to configure some common options like (allowed-hosts, port, processes, threads) through your nix config.
Having your manage.py globally callable via manage-projectname (only via root/sudo)

Let me know if you have any more questions! Also feel free to contribute.

It appears to me that the specific problem you have with gunicorn is to use –chdir to be able to access your python project. Better use –pythonpath instead.

nh2 · December 27, 2020, 12:04am

If found an example here on reddit:

https://www.reddit.com/r/NixOS/comments/bw8xhl/package_a_django_website/

I adapted it to my needs and made sure that the permissions to the sqlite3 file are restricted by rwx------. You can find the example here:

github.com

nh2/u51/blob/4cfa62aef1f08b3271cc701072c289499aa52863/nix/nixos/modules/services/u51.nix

# u51
#
# This module requires initial manual setup using:
#
#     mkdir /var/u51/
#     cd /var/u51/
#     git clone https://github.com/nh2/u51 /var/u51/u51
#
# The DB is by default sqlite, and in the `secrets/` subdirectory,
# so that is where the state is.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.u51;
in
with lib;
{
  options = {

    services.u51 = {

This file has been truncated. show original